Hackers abuse modified Salesforce app to steal data, extort companies, Google says
The hackers, tracked by the Google Threat Intelligence Group as UNC6040, have "proven particularly effective at tricking employees" into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as "The Com," known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that "there's no indication the issue described stems from any vulnerability inherent in our platform." The spokesperson said the voice calls used to trick employees "are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices."
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue." Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
